|
|
 |
|
|
Changelog for pki-kra-10.4.1-17.el7_4.noarch.rpm :
Fri Nov 10 13:00:00 2017 Dogtag Team 10.4.1-17
- ###########################################################################
- ## RHCS 9.2
- ###########################################################################
- #Bugzilla Bug #1507160 - TPS new configuration to allow the protocol of
Fri Oct 13 14:00:00 2017 Dogtag Team 10.4.1-16
- ###########################################################################
- ## RHCS 9.2
- ###########################################################################
- #Bugzilla Bug #1439228 - externalRegRecover does not support multiple
- #Bugzilla Bug #1507160 - TPS new configuration to allow the protocol of
- #Bugzilla Bug #1471996 - Certificate Revocation Reasons not being updated
- ###########################################################################
- ## RHEL 7.4
- ###########################################################################
- Bugzilla Bug #1500499 - Certificate Revocation Reasons not being updated
in some cases [rhel-7.4.z] (cfu)
- Bugzilla Bug #1502527 - CA cert without Subject Key Identifier causes
issuance failure [rhel-7.4.z] (ftweedal)
- Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0
[rhel-7.4.z] (ftweedal)
NOTE: Check-ins for #1492560 all reference the dogtagpki Pagure Issue
associated with Bugzilla Bug #1402280 - CA Cloning: Failed to
update number range in few cases (which is not yet fully resolved)
Mon Sep 18 14:00:00 2017 Dogtag Team 10.4.1-15
- Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0
[rhel-7.4.z] (ftweedal)
Tue Sep 12 14:00:00 2017 Dogtag Team 10.4.1-14
- Require \"jss >= 4.4.0-8\" as a build and runtime requirement
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Resolves: rhbz #1486870,1485833,1487509,1490241,1491332
- Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions)
[RHEL 7.4.z] (ftweedal)
- Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error
in cmc user-signed [rhel-7.4.z] (cfu)
- Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from
RHEL 7.1 [rhel-7.4.z] (ftweedal)
- Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS)
[rhel-7.4.z] (ftweedal)
- Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin
for token certificates on TPS UI Server [rhel-7.4.z] (edewata)
- dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data:
TypeError: ... is not JSON serializable (ftweedal)
- ##########################################################################
- RHCS 9.2:
- ##########################################################################
- Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271
- Bugzilla Bug #1462271 - TPS incorrectly assigns \"tokenOrigin\" and
\"tokenType\" certificate attribute for recovered certificates. (cfu)
- Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin
for token certificates on TPS UI (edewata)
Mon Aug 21 14:00:00 2017 Dogtag Team 10.4.1-13
- Resolves: rhbz #1463350
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1463350 - Access banner validation (edewata)
[pki-core-server-access-banner-retrieval-validation.patch]
Wed Jul 19 14:00:00 2017 Dogtag Team 10.4.1-12
- Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing
certificate requests (cfu)
[PREVIOUS PATCH: pki-core-beta.patch]
[PREVIOUS PATCH: pki-core-snapshot-4.patch]
- Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause
error (cfu)
[PREVIOUS PATCH: pki-core-post-beta.patch]
- Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert
against CMC signer (cfu)
[PREVIOUS PATCH: pki-core-CMC-check-HTTPS-client-authentication-cert.patch]
- Bugzilla Bug #1463350 - Access banner validation (edewata)
[pki-core-server-access-banner-validation.patch]
- Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal
non-signing cert requests (cfu)
[PREVIOUS PATCH: pki-core-snapshot-1.patch]
[pki-core-pre-signed-CMC-renewal-UniqueKeyConstraint.patch]
- Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen)
[pki-core-platform-dependent-python-import.patch]
- Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with
id-cmc-statusInfoV2 (cfu)
[pki-core-CMC-id-cmc-statusInfoV2.patch]
- Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option
(dmoluguw)
[pki-core-subsystem-cert-update-CLI-cert-option.patch]
- Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03
(jmagne)
[pki-core-HSM-key-changeover-SCP03-support.patch]
- Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system
certificates (cfu)
[pki-core-system-cert-CMC-enroll-profile.patch]
Mon Jul 17 14:00:00 2017 Dogtag Team 10.4.1-11
- Resolves: rhbz #1469432
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1469432 - CMC plugin default change
- Resolves CVE-2017-7537
- Fixes BZ #1470948
Mon Jun 19 14:00:00 2017 Dogtag Team 10.4.1-10
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1458043 - Key recovery on token fails with
invalid public key error on KRA (alee)
- Bugzilla Bug #1460764 - CC: CMC: check HTTPS client
authentication cert against CMC signer (cfu)
- Bugzilla Bug #1461533 - Unable to find keys in the p12 file after
deleting the any of the subsystem certs from it (ftweedal)
Mon Jun 12 14:00:00 2017 Dogtag Team 10.4.1-9
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)
using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)
- Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC
non-signing certificate requests (cfu)
- Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC
revocation non-signing cert requests (cfu)
- Bugzilla Bug #1458047 - change the way aes clients refer to
aes keysets (alee)
- Bugzilla Bug #1458055 - dont reuse IVs in the CMC code
(alee)
- Bugzilla Bug #1460028 - In keywrap mode, key recovery on
KRA with HSM causes KRA to crash (ftweedal)
Mon Jun 5 14:00:00 2017 Dogtag Team 10.4.1-8
- Require \"selinux-policy-targeted >= 3.13.1-159\" as a runtime requirement
- Require \"tomcatjss >= 7.2.1-4\" as a build and runtime requirement
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS
enabled system (edewata)
- Bugzilla Bug #1447144 - CA brought down during separate KRA instance
creation (edewata)
- Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure
ACCESS_SESSION_ESTABLISH_FAILURE (edewata)
- Bugzilla Bug #1454450 - SubCA installation failure with 2 step
installation in fips enabled mode (edewata)
- Bugzilla Bug #1456597 - Certificate import using pki client-cert-import
is asking for password when already provided (edewata)
- Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes)
- Bugzilla Bug #1458043 - Key recovery using externalReg fails
with java null pointer exception on KRA (alee)
- Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter
(edewata)
- Bugzilla Bug #1458429 - client-cert-import --ca-cert should
import CA cert with trust bits \"CT,C,C\" (edewata)
- ##########################################################################
- RHCS 9.2:
- ##########################################################################
- Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)
Tue May 30 14:00:00 2017 Dogtag Team 10.4.1-7
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)
using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)
- Bugzilla Bug #1445519 - CA Server installation with HSM fails
(jmagne)
- Bugzilla Bug #1452617 - Unable to create IPA Sub CA
(ftweedal)
- Bugzilla Bug #1454471 - Enabling all subsystems on startup
(edewata)
- Bugzilla Bug #1455617 - Key recovery on token fails because
key record is not marked encrypted (alee)
Tue May 23 14:00:00 2017 Dogtag Team 10.4.1-6
- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error
(mharmsen)
Mon May 22 14:00:00 2017 Dogtag Team 10.4.1-5
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal
non-signing cert requests (cfu)
- Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed)
CMC with identity proof (cfu)
- Bugzilla Bug #1447144 - CA brought down during separate KRA instance
creation (mharmsen)
- Bugzilla Bug #1448903 - exception Invalid module \"--ignore-banner\" when
defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata)
- Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne)
- Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen)
- Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in
ConnectorServlet. (edewata)
- Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata)
- Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED
audit event. (edewata)
Tue May 9 14:00:00 2017 Dogtag Team 10.4.1-4
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1386303 - cannot extract generated private key from KRA when
HSM is used. (alee)
- Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes)
- Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause
error (cfu)
- Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from
the KRA (ftweedal)
- Bugzilla Bug #1448204 - pkispawn of clone install fails with
InvalidBERException (ftweedal)
- Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on
thales hsm (alee)
- Updated \"jss\" build and runtime requirements (mharmsen)
- ##########################################################################
- RHCS 9.2:
- ##########################################################################
- Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)
Mon May 1 14:00:00 2017 Dogtag Team 10.4.1-3
- ############################################################################
- RHEL 7.4:
- ############################################################################
- Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in
conjuction with FreeIPA (ftweedal)
- Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the
startTime parameter is not working as expected. (jmagne)
- Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing
certificate requests (cfu)
- Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal)
- Bugzilla Bug #1445088 - profile modification cannot remove existing config
parameters (ftweedal)
- Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption)
(RHEL) (alee)
- Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when
pki CLI terminates SSL connection (edewata)
- Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata)
- ############################################################################
- RHCS 9.2:
- ############################################################################
- Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption)
(RHCS) (alee)
Mon Apr 17 14:00:00 2017 Dogtag Team 10.4.1-2
- ############################################################################
- RHEL 7.4:
- ############################################################################
- Bugzilla Bug #1282504 - Installing pki-server in container reports
scriptlet failed, exit status 1 (jpazdziora)
- Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS
enabled system (edewata)
- Bugzilla Bug #1410650 - [RFE] Add SCP03 support
for sc 7 g & d cards (RHEL) (jmagne)
- Bugzilla Bug #1437591 - cli authentication using expired cert throws an
exception (edewata)
- Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a
request (edewata)
- ############################################################################
- RHCS 9.2:
- ############################################################################
- Bugzilla Bug #1274086 - [RFE] Add SCP03 support
for sc 7 g & d cards (RHCS) (jmagne)
- ############################################################################
- Common Criteria
- ############################################################################
- Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures
(edewata)
- Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata)
- Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature
implementation (cfu)
Mon Mar 27 14:00:00 2017 Dogtag Team 10.4.1-1
- Require \"nss >= 3.28.3\" as a build and runtime requirement
- Require \"jss >= 4.4.0-4\" as a build and runtime requirement
- Require \"tomcatjss >= 7.2.1-3\" as a build and runtime requirement
- dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find
failure (edewata)
- ############################################################################
- Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4
- Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.4.x
- ############################################################################
- RHEL 7.4:
- ############################################################################
- ############################################################################
- RHCS 9.2:
- ############################################################################
- ############################################################################
- Common Criteria
- ############################################################################
- Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature
implementation (cfu)
- Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption
cert requests (cfu)
- Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures
(edewata)
- Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance
protection cert mechanism (cfu)
Tue Mar 14 13:00:00 2017 Dogtag Team 10.4.0-1
- Require \"jss >= 4.4.0-1\" as a build and runtime requirement
- Require \"tomcatjss >= 7.2.1-1\" as a build and runtime requirement
- ############################################################################
- Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4
- Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.4.x
- ############################################################################
- RHEL 7.4:
- ############################################################################
- Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System
8.1 fail NIST validation test with parameter field. (cfu)
- Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate
when --usages verify (vakwetu)
- Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port
with remote CA shows authentication failure (edewata)
- Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does
not show proper error message (vakwetu)
- Bugzilla Bug #1305993 - Add profile component that copies CN to SAN
(ftweedal)
- Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because
of missing authentication even if it should not require any (edewata)
- Bugzilla Bug #1325071 - add options to enable/disable cert or crl
publishing. (vakwetu)
- Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service
(\"ipa-cacert-manage renew\" failed?) (edewata)
- Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata)
- Bugzilla Bug #1372052 - Unable to search certificate requests using the
latest request ID (edewata)
- Bugzilla Bug #1375347 - Typo in comment line of
UserPwdDirAuthentication.java (edewata)
- Bugzilla Bug #1376226 - IPA replica-prepare failed with error
\"Profile caIPAserviceCert Not Found\" (ftweedal)
- Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as
a dependency package (mharmsen)
- Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due
to missing AuthorityID (ftweedal)
- Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal)
- Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata)
- Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA
with partial certificate chain (edewata)
- Bugzilla Bug #1382066 - Problems with FIPS mode (edewata)
- Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen)
- Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar
files (edewata)
- Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI (RHEL 7) (edewata)
- Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA
(vakwetu)
- Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS
mode (edewata)
- Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from
nistp256 when nistp384 is specified in spawn config (jmagne)
- Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata)
- Bugzilla Bug #1404881 - TPS throws \"err=6\" when attempting to format and
enroll G&D Cards (jmagne)
- Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL)
(jmagne)
- Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate
(vakwetu)
- Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website
incorrect (vakwetu)
- Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne)
- Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata)
- Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata)
- Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will
not finish start, hangs (ftweedal)
- Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert
(edewata)
- Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6
environment. (edewata)
- ############################################################################
- RHCS 9.2:
- ############################################################################
- Bugzilla Bug #1248553 - TPS Enrollment always goes to \"ca1 (cfu)
- Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)
- Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single
user on multiple tokens. (jmagne)
- Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed
tokens (jmagne)
- Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working
when a token is physically damaged and a temporary token is issued (jmagne)
- Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial
number and key id on the ldap user mismatches (cfu)
- Bugzilla Bug #1381635 - Token format with external reg fails when
op.format.externalRegAddToToken.revokeCert=true (cfu)
- Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when
set on a token (jmagne)
- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI (RHCS 9) (edewata)
- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
tokendb shows different certificate status (cfu)
- Bugzilla Bug #1395479 - TPS throws \"err=6\" when attempting to format and
enroll G&D Cards (RHCS) (jmagne)
- Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata)
- Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS)
(jmagne)
- ############################################################################
Mon Mar 6 13:00:00 2017 Dogtag Team 10.3.3-18
- ## RHEL 7.3.z Batch Update 4
- Bugzilla Bug #1429492 - Add profile component that copies CN to SAN
(ftweedal)
Mon Jan 30 13:00:00 2017 Dogtag Team 10.3.3-17
- ## RHCS 9.1.z Batch Update 3
- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
tokendb shows different certificate status (cfu)
- ## RHEL 7.3.z Batch Update 3
- Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System
8.1 fail NIST validation test with parameter field. (cfu)
- Bugzilla Bug #1417064 - Unable to search certificate requests using the
latest request ID (edewata)
- Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website
incorrect (alee)
- Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will
not finish start, hangs (ftweedal)
- Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert
(edewata)
- Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6
environment. (edewata)
Thu Dec 15 13:00:00 2016 Dogtag Team 10.3.3-16
- Separate original patches into RHEL and RHCS portions
- ## RHEL 7.3.z Batch Update 2
- Bugzilla Bug #1404176 - logging properties and man pages (edewata)
- Bugzilla Bug #1405328 - TPS throws \"err=6\" when attempting to format and
enroll G&D Cards (jmagne)
- ## RHCS 9.1.z Batch Update 2
- Bugzilla Bug #1395479 - TPS throws \"err=6\" when attempting to format and
enroll G&D Cards (jmagne)
- Bugzilla Bug #1404900 - RHCS logging properties (edewata)
Tue Dec 13 13:00:00 2016 Dogtag Team 10.3.3-15
- ## RHEL 7.3.z Batch Update 2
- Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port
with remote CA shows authentication failure (edewata)
- Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because
of missing authentication even if it should not require any (edewata)
- Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI [pki-base] (edewata)
- Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS
mode (edewata)
- Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from
nistp256 when nistp384 is specified in spawn config (jmagne)
- Bugzilla Bug #1404176 - logging properties and man pages (edewata)
- ## RHCS 9.1.z Batch Update 2
- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI [pki-tps] (edewata)
- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
tokendb shows different certificate status (cfu)
- Bugzilla Bug #1395479 - TPS throws \"err=6\" when attempting to format and
enroll G&D Cards (jmagne)
Tue Nov 8 13:00:00 2016 Dogtag Team 10.3.3-14
- Marked the following RHCS 9.1.z bug:
Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel
when TPS and TKS security db is on fips mode. (jmagne)
as a duplicate of RHEL 7.3.z bug:
Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.
Thu Nov 3 13:00:00 2016 Dogtag Team 10.3.3-13
- ## RHEL 7.3.z Batch Update 1
- Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
(added KRA key recovery via CLI in FIPS mode)
- ## RHCS 9.1.z Batch Update 1
- Reverted patches associated with
Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI (edewata)
Mon Oct 31 13:00:00 2016 Dogtag Team 10.3.3-12
- ## RHEL 7.3.z Batch Update 1
- Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does
not show proper error message (alee)
- Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service
(\"ipa-cacert-manage renew\" failed?) (edewata)
- Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as
a dependency package (mharmsen)
- Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due
to missing AuthorityID (ftweedal)
- Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal)
- Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA
with partial certificate chain (edewata)
- Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
- Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar
files (edewata)
- Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java
(edewata)
- ## RHCS 9.1.z Batch Update 1
- Bugzilla Bug #1248553 - TPS Enrollment always goes to \"ca1\" (cfu)
- Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a
single user on multiple tokens. (jmagne)
- Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed
tokens (jmagne)
- Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working
when a token is physically damaged and a temporary token is issued (jmagne)
- Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial
number and key id on the ldap user mismatches
- Bugzilla Bug #1381635 - Token format with external reg fails when
op.format.externalRegAddToToken.revokeCert=true (cfu)
- Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when
set on a token (jmagne)
- Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel
when TPS and TKS security db is on fips mode. (jmagne)
- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI (edewata)
Mon Oct 10 14:00:00 2016 Dogtag Team 10.3.3-11
- PKI TRAC Ticket #1527 - TPS Enrollment always goes to \"ca1\" (cfu)
- PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single
user on multiple tokens. (jmagne)
- PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a
dependency package (mharmsen)
- PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed
tokens (jmagne)
- PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial
number and key id on the ldap user mismatches (cfu)
- PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar
files (edewata)
Fri Sep 9 14:00:00 2016 Dogtag Team 10.3.3-10
- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates
in different tokens (edewata)
- Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate
- Restores: rhbz #1319557 - pkispawn KRA instance is failing server
- Removes from Errata: rhbz #1372041 - Unable to create system certificates
in different tokens
Tue Sep 6 14:00:00 2016 Dogtag Team 10.3.3-9
- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion
(ftweedal)
- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
(edewata)
- PKI TRAC Ticket #2443 - Prevent deletion of host CA\'s keys if LWCA entry
deleted (ftweedal)
- PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if
USN plugin enabled (ftweedal)
- PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per
instance name (for shared HSM) (cfu)
- PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu)
- PKI TRAC Ticket #2449 - Unable to create system certificates in different
tokens (edewata)
Mon Aug 29 14:00:00 2016 Dogtag Team 10.3.3-8
- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne)
- PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor)
- PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata)
- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open
- PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)
Tue Aug 23 14:00:00 2016 Dogtag Team 10.3.3-7
- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen)
- CMCEnroll
- PKI TRAC Ticket #833 - pki user-mod fullName=\"\" gives an error message
\"PKIException: LDAP error (21): error result\" (edewata)
- PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade.
(cheimes, edewata, mharmsen)
- PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata)
- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
(edewata, mharmsen)
- PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem
format with/without header works while pkcs7 with header is not allowed
(edewata)
- PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)
Mon Aug 15 14:00:00 2016 Dogtag Team 10.3.3-6
- Bugzilla Bug #1366465 - Errata TPS upgrade test fails
Mon Aug 8 14:00:00 2016 Dogtag Team 10.3.3-5
- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing
info (cfu)
- PKI TRAC Ticket #1285 - [MAN] Apply \'generateCRMFRequest() removed from
Firefox\' workarounds to appropriate \'pki\' man page (jmagne)
- PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu)
- PKI TRAC Ticket #2381 - Throws exception while providing invalid module.
(edewata)
- PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable
should accept only boolean value (edewata)
- PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter
beyond CA signing cert in case of external or existing CA (cfu)
- PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements
(akasurde, alee, cheimes, edewata, jmagne, mharmsen)
- PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not
rpm-require hostname (mharmsen)
- PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and
pki-server (cheimes)
- PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata)
- PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne)
- PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not
apply the specified trust bits (alee)
- PKI TRAC Ticket #2418 - [TPS] Some template substitution didn\'t happen
during installation (alee)
- PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are
not used (ftweedal)
- PKI TRAC Ticket #2421 - Incorrect SELinux contexts
Installation/Configuration (edewata)
- PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server
is converted from CA-less to CA-full (edewata)
- PKI TRAC Ticket #2428 - broken request links for CA\'s system certs in
agent request viewing (cfu)
- PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial
number in migration case (jmagne)
- PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade.
(mharmsen)
- PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM
data (ftweedal)
Tue Jul 5 14:00:00 2016 Dogtag Team 10.3.3-3
- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen)
- PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with
key-generate when --usages verify is passed (jmagne)
- PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS
(cfu)
- PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key
generation for non-encryption token keys (cfu)
- PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to
\'pki_default.cfg\' & \'pkispawn\' man pages (mharmsen)
- PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for
shared vs non shared tomcat instance installation (mharmsen)
- PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single
user on multiple tokens. (jmagne)
- PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws
IOError (edewata, ftweedal)
- PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core
update on upgraded system (ftweedal)
- PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing
it to \"internal\" (mharmsen)
- PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared
secret from remote TKS (jmagne)
- PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws
attribute error (ftweedal)
- PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with
--help option (edewata)
- PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust
flags (edewata)
- PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while
specifying invalid parameters. (edewata)
- PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password
during silent installation (edewata)
- PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg
(ftweedal)
- PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given
(ftweedal)
- PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance
fails (ftweedal)
- PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter
beyond CA signing cert in case of external or existing CA (cfu)
- PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements
(akasurde, edewata)
Thu Jun 30 14:00:00 2016 Dogtag Team 10.3.3-2
- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks
pki-core (ftweedal)
Mon Jun 20 14:00:00 2016 Dogtag Team 10.3.3-1
- Updated release number to 10.3.3-1
Tue Jun 7 14:00:00 2016 Dogtag Team 10.3.3-0.1
- Updated version number to 10.3.3-0.1
Tue Jun 7 14:00:00 2016 Dogtag Team 10.3.2-5
- Provided cleaner runtime dependency separation
Tue Jun 7 14:00:00 2016 Dogtag Team 10.3.2-4
- Updated tomcatjss version dependencies
Tue Jun 7 14:00:00 2016 Dogtag Team 10.3.2-3
- Updated \'java\', \'java-headless\', and \'java-devel\' dependencies to 1:1.8.0.
Tue Jun 7 14:00:00 2016 Dogtag Team 10.3.2-2
- Updated tomcat version dependencies
Tue Jun 7 14:00:00 2016 Dogtag Team 10.3.2-1
- Updated version number to 10.3.2-1
Wed May 18 14:00:00 2016 Dogtag Team 10.3.2-0.1
- Updated version number to 10.3.2-0.1
Tue May 17 14:00:00 2016 Dogtag Team 10.3.1-1
- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)
Mon May 16 14:00:00 2016 Dogtag Team 10.3.0-1
- Updated version number to 10.3.0-1
Mon Apr 18 14:00:00 2016 Dogtag Team 10.3.0.b1-1
- Build for F24 beta
Fri Apr 8 14:00:00 2016 Dogtag Team 10.3.0.a2-2
- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.
Thu Apr 7 14:00:00 2016 Dogtag Team 10.3.0.a2-1
- Updated build for F24 alpha
Wed Mar 23 13:00:00 2016 Dogtag Team 10.3.0.a1-2
- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name
(union of rules) [ftweedal]
- PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap
unconditionally [edewata]
- PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert
request. [edewata]
- PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA
certificates. [edewata]
- PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata]
- PKI TRAC Ticket #1808 - Fixed illegal token state transition
via TEMP_LOST. [edewata]
Fri Mar 4 13:00:00 2016 Dogtag Team 10.3.0.a1-1
- Build for F24 alpha
Tue Mar 1 13:00:00 2016 Dogtag Team 10.3.0-0.5
- PKI Trac Ticket #1399 - Move java components out of pki-base
Thu Feb 11 13:00:00 2016 Dogtag Team 10.3.0-0.4
- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool
Thu Feb 4 13:00:00 2016 Dogtag Team 10.3.0-0.3
- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps
should be removed
Sat Oct 3 14:00:00 2015 Dogtag Team 10.3.0-0.2
- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing
Sat Aug 8 14:00:00 2015 Dogtag Team 10.3.0-0.1
- Updated version number to 10.3.0-0.1
Fri Aug 7 14:00:00 2015 Dogtag Team 10.2.7-0.3
- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on
tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools
- Updated dep on tomcatjss [Fedora 23 and later]
Fri Jul 24 14:00:00 2015 Tomas Radej - 10.2.7-0.2
- Updated dep on policycoreutils-python-utils [Fedora 23 and later]
Sat Jul 18 14:00:00 2015 Dogtag Team 10.2.7-0.1
- Updated version number to 10.2.7-0.1
Sat Jul 18 14:00:00 2015 Dogtag Team 10.2.6-1
- Update release number for release build
Fri Jul 17 14:00:00 2015 Dogtag Team 10.2.6-0.3
- Remove setup directory and remaining Perl dependencies
Sat Jun 20 14:00:00 2015 Dogtag Team 10.2.6-0.2
- Remove ExcludeArch directive
Fri Jun 19 14:00:00 2015 Dogtag Team 10.2.6-0.1
- Updated version number to 10.2.6-0.1
Fri Jun 19 14:00:00 2015 Dogtag Team 10.2.5-1
- Update release number for release build
Wed Jun 17 14:00:00 2015 Dogtag Team 10.2.5-0.2
- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed
Tue May 26 14:00:00 2015 Dogtag Team 10.2.5-0.1
- Updated version number to 10.2.5-0.1
Tue May 26 14:00:00 2015 Dogtag Team 10.2.4-1
- Update release number for release build
Tue May 12 14:00:00 2015 Dogtag Team 10.2.4-0.2
- Updated nuxwdog and tomcatjss requirements (alee)
Thu Apr 23 14:00:00 2015 Dogtag Team 10.2.4-0.1
- Updated version number to 10.2.4-0.1
- Added nuxwdog systemd files
Thu Apr 23 14:00:00 2015 Dogtag Team 10.2.3-1
- Update release number for release build
Thu Apr 9 14:00:00 2015 Dogtag Team 10.2.3-0.1
- Reverted version number back to 10.2.3-0.1
- Added support for Tomcat 8.
Mon Apr 6 14:00:00 2015 Dogtag Team 10.3.0-0.1
- Updated version number to 10.3.0-0.1
Wed Mar 18 13:00:00 2015 Dogtag Team 10.2.3-0.1
- Updated version number to 10.2.3-0.1
Tue Mar 17 13:00:00 2015 Dogtag Team 10.2.2-1
- Update release number for release build
Thu Jan 8 13:00:00 2015 Dogtag Team 10.2.2-0.1
- Updated version number to 10.2.2-0.1
- Moved web application deployment locations.
- Updated Resteasy and Jackson dependencies.
- Added missing python-lxml build dependency.
Thu Jan 8 13:00:00 2015 Dogtag Team 10.2.1-1
- Update release number for release build
Tue Dec 16 13:00:00 2014 Matthew Harmsen - 10.2.1-0.4
- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2
- PKI TRAC Ticket #1205 - Outdated selinux-policy dependency.
- Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime
dependencies
Fri Dec 12 13:00:00 2014 Ade Lee 10.2.1-0.3
- Change resteasy dependencies for F22+
Mon Nov 24 13:00:00 2014 Christina Fu 10.2.1-0.2
- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by
default and upgrade (cfu)
- PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen)
- up the release number to 0.2
Fri Oct 24 14:00:00 2014 Dogtag Team 10.2.1-0.1
- Updated version number to 10.2.1-0.1.
- Added CLIs to simplify generating user certificates
- Added enhancements to KRA Python API
- Added a man page for pki ca-profile commands.
- Added python api docs
Wed Oct 1 14:00:00 2014 Ade Lee 10.2.0-3
- Disable pylint dependency for RHEL builds
- Added jakarta-commons-httpclient requirements
- Added tomcat version for RHEL build
- Added resteasy-base-client for RHEL build
Wed Sep 24 14:00:00 2014 Matthew Harmsen - 10.2.0-2
- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec
Wed Sep 3 14:00:00 2014 Dogtag Team 10.2.0-1
- Update release number for release build
Wed Sep 3 14:00:00 2014 Matthew Harmsen - 10.2.0-0.10
- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps
Fri Aug 29 14:00:00 2014 Matthew Harmsen - 10.2.0-0.9
- Merged jmagneAATTredhat.com\'s spec file changes from the stand-alone
\'pki-tps-client\' package needed to build/run the native \'tpsclient\'
command line utility into this \'pki-core\' spec file under the \'tps\' package.
- Original tps libararies must be built to support this native utility.
- Modifies tps package from \'noarch\' into \'architecture-specific\' package
Wed Aug 27 14:00:00 2014 Matthew Harmsen - 10.2.0-0.8
- PKI TRAC Ticket #1127 - Remove \'pki-ra\', \'pki-setup\', and \'pki-silent\'
packages . . .
Sun Aug 17 14:00:00 2014 Fedora Release Engineering - 10.2.0-0.5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
Wed Aug 13 14:00:00 2014 Jack Magne - 10.2.0-0.7
- Respin to include the applet files with the rpm install. No change
to spec file needed.
Tue Jul 15 14:00:00 2014 Matthew Harmsen - 10.2.0-0.6
- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires --
drop dependency on java-atk-wrapper
- Removed \'java-atk-wrapper\' dependency from \'pki-server\'
Wed Jul 2 14:00:00 2014 Matthew Harmsen - 10.2.0-0.5
- PKI TRAC Ticket #832 - Remove legacy \'systemctl\' files . . .
Tue Jul 1 14:00:00 2014 Ade Lee - 10.2.0-0.4
- Update rawhide build
Sat Jun 7 14:00:00 2014 Fedora Release Engineering - 10.2.0-0.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
Fri Mar 28 13:00:00 2014 Michael Simacek - 10.2.0-0.2
- Use Requires: java-headless rebuild (#1067528)
Fri Nov 22 13:00:00 2013 Dogtag Team 10.2.0-0.1
- Added option to build without server packages.
- Replaced Jettison with Jackson.
- Added python-nss build requirement
- Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
- TRAC Ticket #840 - pkispawn requires policycoreutils-python
- Updated requirements for resteasy
- Added template files for archive, retrieve and generate key
requests to the client package.
Fri Nov 15 13:00:00 2013 Ade Lee 10.1.0-1
- Trac Ticket 788 - Clean up spec files
- Update release number for release build
- Updated requirements for resteasy
Sun Nov 10 13:00:00 2013 Ade Lee 10.1.0-0.14
- Change release number for beta build
Thu Nov 7 13:00:00 2013 Ade Lee 10.1.0-0.13
- Updated requirements for tomcat
Fri Oct 4 14:00:00 2013 Ade Lee 10.1.0-0.12
- Removed additional /var/run, /var/lock references.
Fri Oct 4 14:00:00 2013 Ade Lee 10.1.0-0.11
- Removed delivery of /var/lock and /var/run directories for fedora 20.
Wed Aug 14 14:00:00 2013 Endi S. Dewata 10.1.0-0.10
- Moved Tomcat-based TPS into pki-core.
Wed Aug 14 14:00:00 2013 Abhishek Koneru 10.1.0.0.9
- Listed new packages required during build, due to issues reported
by pylint.
- Packages added: python-requests, python-ldap, libselinux-python,
policycoreutils-python
Fri Aug 9 14:00:00 2013 Abhishek Koneru 10.1.0.0.8
- Added pylint scan to the build process.
Mon Jul 22 14:00:00 2013 Endi S. Dewata 10.1.0-0.7
- Added man pages for upgrade tools.
Wed Jul 17 14:00:00 2013 Endi S. Dewata 10.1.0-0.6
- Cleaned up the code to install man pages.
Tue Jul 16 14:00:00 2013 Endi S. Dewata 10.1.0-0.5
- Reorganized deployment tools.
Tue Jul 9 14:00:00 2013 Ade Lee 10.1.0-0.4
- Bugzilla Bug 973224 - resteasy-base must be split into subpackages
to simplify dependencies
Fri Jun 14 14:00:00 2013 Endi S. Dewata 10.1.0-0.3
- Updated dependencies to Java 1.7.
Wed Jun 5 14:00:00 2013 Matthew Harmsen 10.1.0-0.2
- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page
- TRAC Ticket 610 - Document limitation in using GUI install
- TRAC Ticket 629 - Package ownership of \'/usr/share/pki/etc/\' directory
Tue May 7 14:00:00 2013 Ade Lee 10.1.0-0.1
- Change release number for 10.1 development
Mon May 6 14:00:00 2013 Endi S. Dewata 10.0.2-5
- Fixed incorrect JNI_JAR_DIR.
Sat May 4 14:00:00 2013 Ade Lee 10.0.2-4
- TRAC Ticket 605 Junit internal function used in TestRunner,
breaks F19 build
Sat May 4 14:00:00 2013 Ade Lee 10.0.2-3
- TRAC Ticket 604 Added fallback methods for pkispawn tests
Mon Apr 29 14:00:00 2013 Endi S. Dewata 10.0.2-2
- Added default pki.conf in /usr/share/pki/etc
- Create upgrade tracker on install and remove it on uninstall
Fri Apr 26 14:00:00 2013 Ade Lee 10.0.2-1
- Change release number for official release.
Thu Apr 25 14:00:00 2013 Ade Lee 10.0.2-0.8
- Added %pretrans script for f19
- Added java-atk-wrapper dependency
Wed Apr 24 14:00:00 2013 Endi S. Dewata 10.0.2-0.7
- Added pki-server-upgrade script and pki.server module.
- Call upgrade scripts in %post for pki-base and pki-server.
Tue Apr 23 14:00:00 2013 Endi S. Dewata 10.0.2-0.6
- Added dependency on commons-io.
Mon Apr 22 14:00:00 2013 Ade Lee 10.0.2-0.5
- Add /var/log/pki and /var/lib/pki directories
Tue Apr 16 14:00:00 2013 Endi S. Dewata 10.0.2-0.4
- Run pki-upgrade on post server installation.
Mon Apr 15 14:00:00 2013 Endi S. Dewata 10.0.2-0.3
- Added dependency on python-lxml.
Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.2-0.2
- Added pki-upgrade script.
Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.2-0.1
- Updated version number to 10.0.2-0.1.
Fri Apr 5 14:00:00 2013 Endi S. Dewata 10.0.1-9
- Renamed base/deploy to base/server.
- Moved pki.conf into pki-base.
- Removed redundant pki/server folder declaration.
Tue Mar 19 13:00:00 2013 Ade Lee 10.0.1-8
- Removed jython dependency
Mon Mar 11 13:00:00 2013 Endi S. Dewata 10.0.1-7
- Added minimum python-requests version.
Fri Mar 8 13:00:00 2013 Matthew Harmsen 10.0.1-6
- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar
Thu Mar 7 13:00:00 2013 Endi S. Dewata 10.0.1-5
- Added dependency on python-requests.
- Reorganized Python module packaging.
Thu Mar 7 13:00:00 2013 Endi S. Dewata 10.0.1-4
- Added dependency on python-ldap.
Mon Mar 4 13:00:00 2013 Matthew Harmsen 10.0.1-3
- TRAC Ticket #517 - Clean up theme dependencies
- TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .
Fri Mar 1 13:00:00 2013 Matthew Harmsen 10.0.1-2
- Removed runtime dependency on \'pki-server-theme\' to resolve
Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme
Tue Jan 15 13:00:00 2013 Ade Lee 10.0.1-1
- TRAC Ticket 214 - Missing error description for duplicate user
- TRAC Ticket 213 - Add nonces for cert revocation
- TRAC Ticket 367 - pkidestroy does not remove connector
- TRAC Ticket #430 - License for 3rd party code
- Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP
- Fix spec file to allow f17 to work with latest tomcatjss
- TRAC Ticket 466 - Increase root CA validity to 20 years
- TRAC Ticket 469 - Fix tomcatjss issue in spec files
- TRAC Ticket 468 - pkispawn throws exception
- TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes
- TRAC Ticket 271 - Dogtag 10: Fix \'status\' command in \'pkidaemon\' . . .
- TRAC Ticket 437 - Make admin cert p12 file location configurable
- TRAC Ticket 393 - pkispawn fails when selinux is disabled
- Punctuation and formatting changes in man pages
- Revert to using default config file for pkidestroy
- Hardcode setting of resteasy-lib for instance
- TRAC Ticket 436 - Interpolation for pki_subsystem
- TRAC Ticket 433 - Interpolation for paths
- TRAC Ticket 435 - Identical instance id and instance name
- TRAC Ticket 406 - Replace file dependencies with package dependencies
Wed Jan 9 13:00:00 2013 Matthew Harmsen 10.0.0-5
- TRAC Ticket #430 - License for 3rd party code
Fri Jan 4 13:00:00 2013 Matthew Harmsen 10.0.0-4
- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and
dogtag-pki.spec . . .
- TRAC Ticket #468 - pkispawn throws exception
Wed Dec 12 13:00:00 2012 Ade Lee 10.0.0-3
- Replaced file dependencies with package dependencies
Mon Dec 10 13:00:00 2012 Ade Lee 10.0.0-2
- Updated man pages
Fri Dec 7 13:00:00 2012 Ade Lee 10.0.0-1
- Update to official release for rc1
Thu Dec 6 13:00:00 2012 Matthew Harmsen 10.0.0-0.56.b3
- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy.
- Added place-holders for \'pki.1\' and \'pki_default.cfg.5\' man pages.
Thu Dec 6 13:00:00 2012 Endi S. Dewata 10.0.0-0.55.b3
- Added system-wide configuration /etc/pki/pki.conf.
- Removed redundant lines in %files.
Tue Dec 4 13:00:00 2012 Endi S. Dewata 10.0.0-0.54.b3
- Moved default deployment configuration to /etc/pki.
Mon Nov 19 13:00:00 2012 Ade Lee 10.0.0-0.53.b3
- Cleaned up spec file to provide only support rhel 7+, f17+
- Added resteasy-base dependency for rhel 7
- Update cmake version
Mon Nov 12 13:00:00 2012 Ade Lee 10.0.0-0.52.b3
- Update release to b3
Fri Nov 9 13:00:00 2012 Endi S. Dewata 10.0.0-0.51.b2
- Removed dependency on CA, KRA, OCSP, TKS theme packages.
Thu Nov 8 13:00:00 2012 Endi S. Dewata 10.0.0-0.50.b2
- Renamed pki-common-theme to pki-server-theme.
Thu Nov 8 13:00:00 2012 Matthew Harmsen 10.0.0-0.49.b2
- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to
\'pki-server\'
Mon Oct 29 13:00:00 2012 Ade Lee 10.0.0-0.48.b2
- Update release to b2
Wed Oct 24 14:00:00 2012 Matthew Harmsen 10.0.0-0.47.b1
- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
Tue Oct 23 14:00:00 2012 Ade Lee 10.0.0-0.46.b1
- Added Obsoletes for pki-selinux
Tue Oct 23 14:00:00 2012 Ade Lee 10.0.0-0.45.b1
- Remove build of pki-selinux for f18, use system policy instead
Fri Oct 12 14:00:00 2012 Ade Lee 10.0.0-0.44.b1
- Update required tomcatjss version
- Added net-tools dependency
Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.43.b1
- Update selinux-policy version to fix error from latest policy changes
Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.42.b1
- Fix typo in selinux policy versions
Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.41.b1
- Added build requires for correct version of selinux-policy-devel
Mon Oct 8 14:00:00 2012 Ade Lee 10.0.0-0.40.b1
- Update release to b1
Fri Oct 5 14:00:00 2012 Endi S. Dewata 10.0.0-0.40.a2
- Merged pki-silent into pki-server.
Fri Oct 5 14:00:00 2012 Endi S. Dewata 10.0.0-0.39.a2
- Renamed \"shared\" folder to \"server\".
Fri Oct 5 14:00:00 2012 Ade Lee 10.0.0-0.38.a2
- Added required selinux versions for new policy.
Tue Oct 2 14:00:00 2012 Endi S. Dewata 10.0.0-0.37.a2
- Added Provides to packages replacing obsolete packages.
Mon Oct 1 14:00:00 2012 Ade Lee 10.0.0-0.36.a2
- Update release to a2
Sun Sep 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.36.a1
- Modified CMake to use RPM version number
Tue Sep 25 14:00:00 2012 Endi S. Dewata 10.0.0-0.35.a1
- Added VERSION file
Mon Sep 24 14:00:00 2012 Endi S. Dewata 10.0.0-0.34.a1
- Merged pki-setup into pki-server
Thu Sep 13 14:00:00 2012 Ade Lee 10.0.0-0.33.a1
- Added Conflicts for IPA 2.X
- Added build requires for zip to work around mock problem
Wed Sep 12 14:00:00 2012 Matthew Harmsen 10.0.0-0.32.a1
- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances
upon RPM \"update\" . . .
- TRAC Ticket #317 - Dogtag 10: Move \"pkispawn\"/\"pkidestroy\"
from /usr/bin to /usr/sbin . . .
Wed Sep 12 14:00:00 2012 Endi S. Dewata 10.0.0-0.31.a1
- Fixed pki-server to include everything in shared dir.
Tue Sep 11 14:00:00 2012 Endi S. Dewata 10.0.0-0.30.a1
- Added build dependency on redhat-rpm-config.
Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.29.a1
- Merged Javadoc packages.
Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.28.a1
- Added pki-tomcat.jar.
Thu Aug 30 14:00:00 2012 Endi S. Dewata 10.0.0-0.27.a1
- Moved webapp creation code into pkispawn.
Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.26.a1
- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.
Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.25.a1
- Merged pki-native-tools and pki-java-tools into pki-tools.
- Modified pki-server to depend on pki-tools.
Mon Aug 20 14:00:00 2012 Endi S. Dewata 10.0.0-0.24.a1
- Split pki-common into pki-base and pki-server.
- Merged pki-util into pki-base.
- Merged pki-deploy into pki-server.
Thu Aug 16 14:00:00 2012 Matthew Harmsen 10.0.0-0.23.a1
- Updated release of \'tomcatjss\' to rely on Tomcat 7 for Fedora 17
- Changed Dogtag 10 build-time and runtime requirements for \'pki-deploy\'
- Altered PKI Package Dependency Chain (top-to-bottom):
pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common
Mon Aug 13 14:00:00 2012 Endi S. Dewata 10.0.0-0.22.a1
- Added pki-client.jar.
Fri Jul 27 14:00:00 2012 Endi S. Dewata 10.0.0-0.21.a1
- Merged pki-jndi-realm.jar into pki-cmscore.jar.
Tue Jul 24 14:00:00 2012 Matthew Harmsen 10.0.0-0.20.a1
- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully
via mock on Fedora 17 . . .
Wed Jul 11 14:00:00 2012 Matthew Harmsen 10.0.0-0.19.a1
- Moved \'pki-jndi-real.jar\' link from \'tomcat6\' to \'tomcat\' (Tomcat 7)
Thu Jun 14 14:00:00 2012 Matthew Harmsen 10.0.0-0.18.a1
- Updated release of \'tomcatjss\' to rely on Tomcat 7 for Fedora 18
Tue May 29 14:00:00 2012 Endi S. Dewata 10.0.0-0.17.a1
- Added CLI for REST services
Fri May 18 14:00:00 2012 Matthew Harmsen 10.0.0-0.16.a1
- Integration of Tomcat 7
- Addition of centralized \'pki-tomcatd\' systemd functionality to the
PKI Deployment strategy
- Removal of \'pki_flavor\' attribute
Mon Apr 16 14:00:00 2012 Ade Lee 10.0.0-0.15.a1
- BZ 813075 - selinux denial for file size access
Thu Apr 5 14:00:00 2012 Christina Fu 10.0.0-0.14.a1
- Bug 745278 - [RFE] ECC encryption keys cannot be archived
Tue Mar 27 14:00:00 2012 Endi S. Dewata 10.0.0-0.13.a1
- Replaced candlepin-deps with resteasy
Fri Mar 23 13:00:00 2012 Endi S. Dewata 10.0.0-0.12.a1
- Added option to build without Javadoc
Fri Mar 16 13:00:00 2012 Ade Lee 10.0.0-0.11.a1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
- Corrected patch selected for selinux f17 rules
Wed Mar 14 13:00:00 2012 Matthew Harmsen 10.0.0-0.10.a1
- Corrected \'junit\' dependency check
Mon Mar 12 13:00:00 2012 Matthew Harmsen 10.0.0-0.9.a1
- Initial attempt at PKI deployment framework described in
\'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment\'.
Fri Mar 9 13:00:00 2012 Jack Magne 10.0.0-0.8.a1
- Added support for pki-jndi-realm in tomcat6 in pki-common
and pki-kra.
- Ticket #69.
Fri Mar 2 13:00:00 2012 Matthew Harmsen 10.0.0-0.7.a1
- For \'mock\' purposes, removed platform-specific logic from around
the \'patch\' files so that ALL \'patch\' files will be included in
the SRPM.
Wed Feb 29 13:00:00 2012 Endi S. Dewata 10.0.0-0.6.a1
- Removed dependency on OSUtil.
Tue Feb 28 13:00:00 2012 Ade Lee 10.0.0-0.5.a1
- \'pki-selinux\'
- Added platform-dependent patches for SELinux component
- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
Thu Feb 23 13:00:00 2012 Endi S. Dewata 10.0.0-0.4.a1
- Added dependency on Apache Commons Codec.
Wed Feb 22 13:00:00 2012 Matthew Harmsen 10.0.0-0.3.a1
- Add \'-DSYSTEMD_LIB_INSTALL_DIR\' override flag to \'cmake\' to address changes
in fundamental path structure in Fedora 17
- \'pki-setup\'
- Hard-code Perl dependencies to protect against bugs such as
Bugzilla Bug #772699 - Adapt perl and python fileattrs to
changed file 5.10 magics
- \'pki-selinux\'
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
Mon Feb 20 13:00:00 2012 Matthew Harmsen 10.0.0-0.2.a1
- Integrated \'pki-kra\' into \'pki-core\'
- Integrated \'pki-ocsp\' into \'pki-core\'
- Integrated \'pki-tks\' into \'pki-core\'
- Bugzilla Bug #788787 - added \'junit\'/\'junit4\' build-time requirements
Wed Feb 1 13:00:00 2012 Nathan Kinder 10.0.0-0.1.a1
- Updated package version number
Mon Jan 16 13:00:00 2012 Ade Lee 9.0.16-3
- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup
Mon Nov 28 13:00:00 2011 Endi S. Dewata 9.0.16-2
- Added JUnit tests
Fri Oct 28 14:00:00 2011 Matthew Harmsen 9.0.16-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
the in-place upgrade( CS 8.0->8.1) (cfu)
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
(rawhide) . . . (mharmsen)
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
OCSP, and TKS package installation . . . (mharmsen)
- \'pki-silent\'
Thu Sep 22 14:00:00 2011 Matthew Harmsen 9.0.15-1
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-setup\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
- \'pki-symkey\'
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- \'pki-native-tools\'
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-util\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- Bugzilla Bug #737218 - Incorrect request attribute name matching
ignores request attributes during request parsing. (awnuk)
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
- \'pki-selinux\'
- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
- \'pki-ca\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
- \'pki-silent\'
- Bugzilla Bug #739201 - pkisilent does not take arch into account
as Java packages migrated to arch-dependent directories (mharmsen)
Fri Sep 9 14:00:00 2011 Matthew Harmsen 9.0.14-1
- \'pki-setup\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-symkey\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-java-tools\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-common\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-silent\'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
Tue Sep 6 14:00:00 2011 Ade Lee 9.0.13-1
- \'pki-setup\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-ca\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
- \'pki-common\'
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
Tue Aug 23 14:00:00 2011 Matthew Harmsen 9.0.12-1
- \'pki-setup\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-symkey\'
- \'pki-native-tools\'
- Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
issues (awnuk)
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
- \'pki-util\'
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #700522 - pki tomcat6 instances currently running
unconfined, allow server to come up when selinux disabled (alee)
- Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
correctly when subsystem cloned (using hsm) (alee)
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-selinux\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-ca\'
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
- \'pki-silent\'
Wed Aug 10 14:00:00 2011 Matthew Harmsen 9.0.12
- \'pki-setup\'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #724861 - DRMTool: fix duplicate \"dn:\" records by
renumbering \"cn=\" (mharmsen)
- \'pki-common\'
- Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
(jmagne, awnuk)
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
- Bugzilla Bug #708075 - Clone installation does not work over NAT
(alee)
- Bugzilla Bug #726785 - If replication fails while setting up a clone
it will wait forever (alee)
- Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- \'pki-selinux\'
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
unconfined (alee)
- \'pki-ca\'
- Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
in IPA profile (awnuk)
- \'pki-silent\'
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
time - remove the inefficient sleeps (alee)
Fri Jul 22 14:00:00 2011 Matthew Harmsen 9.0.10-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
throws Token not found error. (jmagne)
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
using an ECC CA to generate ECC certs from CRMF. (jmagne)
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
for any component value which is equal to its default value (alee)
- Bugzilla Bug #722989 - Registering an agent when a subsystem is
created - does not log AUTHZ_SUCCESS event. (alee)
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
(awnuk)
- \'pki-silent\'
Thu Jul 14 14:00:00 2011 Matthew Harmsen 9.0.9-1
- Updated release of \'jss\'
- Updated release of \'tomcatjss\' for Fedora 15
- \'pki-setup\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-symkey\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-native-tools\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #717765 - TPS configuration: logging into security domain
from tps does not work with clientauth=want. (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-util\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-java-tools\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
processing) (mharmsen)
- Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-common\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system
logs throws \'Invalid protocol\' for OCSP subsystems (alee)
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (alee)
- Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages (jmagne)
- Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
- Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
SubjectID=$Unidentified$ fails audit evaluation (jmagne)
- Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
subsequent SCEP requests. (awnuk)
- Bugzilla Bug #661142 - Verification should fail when a revoked
certificate is added. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
- Bugzilla Bug #707607 - Published certificate summary has list of
non-published certificates with succeeded status (jmagne)
- Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
for tps and ca on server shutdown (jmagne)
- Bugzilla Bug #697939 - DRM signed audit log message - operation should
be read instead of modify (jmagne)
- Bugzilla Bug #718427 - When audit log is full, server continue to
function. (alee)
- Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
CA\'s signedaudit log when a directory based user enrollment is
performed (jmagne)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-selinux\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #720503 - RA and TPS require additional SELinux
permissions to run in \"Enforcing\" mode (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-ca\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
(jdennis)
- Bugzilla Bug #699837 - service command is not fully backwards
compatible with Dogtag pki subsystems (mharmsen)
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
administrator group. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
for modify/add (alee)
- Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
pages (alee)
- Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
for a revocation invoked by EE user (awnuk)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- \'pki-silent\'
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
(mharmsen)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-2
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Added \'DRMTool.cfg\' configuration file to inventory
- \'pki-common\'
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'
Wed May 25 14:00:00 2011 Matthew Harmsen 9.0.8-1
- \'pki-setup\'
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #532548 - Tool to do DRM re-key
- \'pki-common\'
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'
Tue Apr 26 14:00:00 2011 Matthew Harmsen 9.0.7-1
- \'pki-setup\'
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- Bugzilla Bug #694569 - parameter used by pkiremove not updated
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- \'pki-common\'
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs
throws \'Invalid protocol\' for OCSP subsystems
- Bugzilla Bug #694569 - parameter used by pkiremove not updated
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages
- Bugzilla Bug #694143 - CA Agent not returning specified request
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
populated in the CA signedAudit messages
- Bugzilla Bug #698885 - Race conditions during IPA installation
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- Bugzilla Bug #699837 - service command is not fully backwards compatible
with Dogtag pki subsystems
- \'pki-silent\'
Mon Apr 11 14:00:00 2011 Matthew Harmsen 9.0.6-2
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.6-1
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
- Bugzilla Bug #693327 - Missing requires: tomcatjss
- \'pki-setup\'
- Bugzilla Bug #690626 - pkiremove removes the registry entry for
all instances on a machine
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port
throws file not found exception.
- \'pki-common\'
- Bugzilla Bug #692990 - Audit log messages needed to match CC doc:
DRM Recovery audit log messages
- \'pki-selinux\'
- \'pki-ca\'
- \'pki-silent\'
Tue Apr 5 14:00:00 2011 Matthew Harmsen 9.0.5-2
- Bugzilla Bug #693327 - Missing requires: tomcatjss
Fri Mar 25 13:00:00 2011 Matthew Harmsen 9.0.5-1
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
- Require \"jss >= 4.2.6-15\" as a build and runtime requirement
- Require \"tomcatjss >= 2.1.1\" as a build and runtime requirement
for Fedora 15 and later platforms
- \'pki-setup\'
- Bugzilla Bug #688287 - Add \"deprecation\" notice regarding using
\"shared ports\" in pkicreate -help . . .
- Bugzilla Bug #688251 - Dogtag installation under IPA takes
too much time - SELinux policy compilation
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple
extensions
- \'pki-common\'
- Bugzilla Bug #683581 - CA configuration with ECC(Default
EC curve-nistp521) CA fails with \'signing operation failed\'
- Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled
on the EE port
- \'pki-selinux\'
- Bugzilla Bug #684871 - ldaps selinux link change
- \'pki-ca\'
- Bugzilla Bug #683581 - CA configuration with ECC(Default
EC curve-nistp521) CA fails with \'signing operation failed\'
- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
- Bugzilla Bug #689453 - CRMFPopClient request to CA\'s unsecure port
throws file not found exception.(profile and CS.cfg only)
- \'pki-silent\'
Thu Mar 17 13:00:00 2011 Matthew Harmsen 9.0.4-1
- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha)
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
instance
- Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found
- \'pki-setup\'
- Bugzilla Bug #678157 - uninitialized variable warnings from Perl
- Bugzilla Bug #679574 - Velocity fails to load all dependent classes
- Bugzilla Bug #680420 - xml-commons-apis.jar dependency
- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s
classpath
- Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library
name for SafeNet LunaSA
- \'pki-common\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- Bugzilla Bug #678715 - netstat loop fixes needed
- Bugzilla Bug #673609 - CC: authorize() call needs to be added to
getStats servlet
- \'pki-selinux\'
- Bugzilla Bug #674195: SELinux error message thrown during token
enrollment
- \'pki-ca\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- Bugzilla Bug #673609 - CC: authorize() call needs to be added to
getStats servlet
- Bugzilla Bug #676330 - init script cannot start service
- \'pki-silent\'
- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it\'s
classpath
Wed Feb 9 13:00:00 2011 Matthew Harmsen 9.0.3-2
- \'pki-common\'
- Bugzilla Bug #676051 - IPA installation failing - Fails to create CA
instance
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
instance
Fri Feb 4 13:00:00 2011 Matthew Harmsen 9.0.3-1
- \'pki-common\'
- Bugzilla Bug #674894 - ipactl restart : an annoy output line
- Bugzilla Bug #675179 - ipactl restart : an annoy output line
Thu Feb 3 13:00:00 2011 Matthew Harmsen 9.0.2-1
- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes
- \'pki-setup\'
- Bugzilla Bug #673638 - Installation within IPA hangs
- \'pki-symkey\'
- \'pki-native-tools\'
- \'pki-util\'
- \'pki-java-tools\'
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
- \'pki-common\'
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
\"Manual User Dual-Use Certificate Enrollment\"
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection
error.
- Bugzilla Bug #504056 - Completed SCEP requests are assigned to the
\"begin\" state instead of \"complete\".
- Bugzilla Bug #504055 - SCEP requests are not properly populated
- Bugzilla Bug #564207 - Searches for completed requests in the agent
interface returns zero entries
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
\"Manual User Dual-Use Certificate Enrollment\" -
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
- Bugzilla Bug #672920 - CA console: adding policy to a profile throws
\'Duplicate policy\' error in some cases.
- Bugzilla Bug #673199 - init script returns control before web apps have
started
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
subsystem instances
- \'pki-selinux\'
- \'pki-ca\'
- Bugzilla Bug #504013 - sscep request is rejected due to authentication
error if submitted through one time pin router certificate enrollment.
- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
information
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
subsystem instances
- \'pki-silent\'
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
by \'netscape.security.provider\' package
Wed Feb 2 13:00:00 2011 Matthew Harmsen 9.0.1-3
- Bugzilla Bug #656661 - Please Update Spec File to use \'ghost\' on files
in /var/run and /var/lock
Thu Jan 20 13:00:00 2011 Matthew Harmsen 9.0.1-2
- \'pki-symkey\'
- Bugzilla Bug #671265 - pki-symkey jar version incorrect
- \'pki-common\'
- Bugzilla Bug #564207 - Searches for completed requests in the agent
interface returns zero entries
Tue Jan 18 13:00:00 2011 Matthew Harmsen 9.0.1-1
- Allow \'pki-native-tools\' to be installed independently of \'pki-setup\'
- Removed explicit \'pki-setup\' requirement from \'pki-ca\'
(since it already requires \'pki-common\')
- \'pki-setup\'
- Bugzilla Bug #223343 - pkicreate: should add \'pkiuser\' to nfast group
- Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP
and TKS.
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
OpenLDAP instead of the Mozldap
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #665388 - jakarta-
* jars have been renamed to apache-
*,
pkicreate fails Fedora 14 and above
- Bugzilla Bug #23346 - Two conflicting ACL list definitions in source
repository
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- \'pki-symkey\'
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #644056 - CS build contains warnings
- \'pki-native-tools\'
- template change
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
OpenLDAP instead of the Mozldap
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #644056 - CS build contains warnings
- \'pki-util\'
- Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical
cannot be set to true
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #635033 - At installation wizard selecting key types other
than CA\'s signing cert will fail
- Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and
CS interface
- Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse
ASN.1 encoding/decoding is broken
- Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1
encoding/decoding is incomplete
- Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1
encoding/decoding is incomplete
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #658188 - remove remaining references to tomcat5
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #223319 - Certificate Status inconsistency between token
db and CA
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
During CRL Generation
- \'pki-java-tools\'
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to
5000 bytes
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- \'pki-common\'
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
- Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable
started before configuration completed
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
logs in the java subsystems
- Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5
policy mappings (seem hardcoded)
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
empty packages
- Bugzilla Bug #548699 - subCA\'s admin certificate should be generated by
itself
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
- Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile
caAgentServerCert (null cert_request)
- Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited
number of times
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #629677 - TPS: token enrollment fails.
- Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN
in a SCEP request
- Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection
pools not reliable - improve connections or discovery
- Bugzilla Bug #629769 - password decryption logs plain text password
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
CC - interface review
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
OCSP console for renewing SSL Server certificate.
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #607380 - CC: Make sure Java Console can configure all
security relevant config items
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
generated on TKS instead of TPS.
- Bugzilla Bug #489342 -
com.netscape.cms.servlet.common.CMCOutputTemplate.java
doesn\'t support EC
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
disable a CA that it serves
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #635033 - At installation wizard selecting key types other
than CA\'s signing cert will fail
- Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated
for SCEP signing and encryption.
- Bugzilla Bug #223336 - ECC: unable to clone a ECC CA
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
by Reason Code - onlySomeReasons ?
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
verification functions (JAVA subsystems)
- Bugzilla Bug #223313 - should do random generated IV param
for symmetric keys
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
ECC curve names (not on key sizes).
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
Certificates from the Same Request
- Bugzilla Bug #648757 - expose and use updated cert verification
function in JSS
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
of signature algorithm; and for ECC curves
- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
e.c. support
- Bugzilla Bug #651040 - cloning shoud not include sslserver
- Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to
CS.cfg files imcomplete when the cert is stored on a hsm
- Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . .
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
to talk to CA and complete configuration in DonePanel
- Bugzilla Bug #642359 - CC Feature - need to verify certificate when it
is added
- Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires
auditing
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #499494 - change CA defaults to SHA2
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
an administrator group.
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
as expected
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
validity
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
- Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an
error to TPS even if certificate in question is already revoked.
- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
in the console
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
javadocs
- Bugzilla Bug #658188 - remove remaining references to tomcat5
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
pkiCA, obsolete 2252 and 2256
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #661142 - Verification should fail when
a revoked certificate is added
- Bugzilla Bug #642741 - CS build uses deprecated functions
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
interface is no longer available through console
- \'pki-selinux\'
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer -
selinux changes
- \'pki-ca\'
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
logs in the java subsystems
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
- Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of
CC interface doc review
- Bugzilla Bug #621602 - pkiconsole: Click on \'Publishing\' option with
admin privilege throws error \"You are not authorized to perform this
operation\".
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
as part of CC interface review
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
CC - interface review
- Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws
\'Internal Server Error\'.
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
OCSP console for renewing SSL Server certificate.
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
senderNonce in all signed SCEP responses.
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
generated on TKS instead of TPS.
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
disable a CA that it serves
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
attack in SCEP
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
for signing SCEP response messages.
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
by Reason Code - onlySomeReasons ?
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
verification functions (JAVA subsystems)
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
fowarding for agent services
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
ECC curve names (not on key sizes).
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
Certificates from the Same Request
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
of signature algorithm; and for ECC curves
- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA
release -- DRM and TKS do not seem to have CRL checking enabled
- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
correctly set up CC environment
- Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in
certificates (RFC 4262)
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
to talk to CA and complete configuration in DonePanel
- Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object
signing support in RHCS
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #499494 - change CA defaults to SHA2
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
policy extension to 5 only
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
an administrator group.
- Bugzilla Bug #632425 - Port to tomcat6
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
as expected
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
validity
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke
certs in TPS
- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
pkiCA, obsolete 2252 and 2256
- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
repository
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #661142 - Verification should fail when
a revoked certificate is added
- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key
usage
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
interface is no longer available through console
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
During CRL Generation
- \'pki-silent\'
- Bugzilla Bug #627309 - pkisilent subca configuration fails.
- Bugzilla Bug #640091 - pkisilent panels need to match with changed java
subsystems
- Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM
Clone.
- Bugzilla Bug #643053 - pkisilent DRM configuration fails
- Bugzilla Bug #583754 - pki-silent needs an option to configure signing
algorithm for CA certificates
- Bugzilla Bug #489385 - references to rhpki
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
interface
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module
Panel up to before Security Domain Panel
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
- Bugzilla Bug #588323 - Failed to enable cipher 0xc001
- Bugzilla Bug #656733 - Standardize jar install location and jar names
- Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves,
signing algorithm
- Bugzilla Bug #658641 - pkisilent doesn\'t not properly handle passwords
with special characters
- Bugzilla Bug #642741 - CS build uses deprecated functions
Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-3
- Bugzilla Bug #668839 - Review Request: pki-core
- Removed empty \"pre\" from \"pki-ca\"
- Consolidated directory ownership
- Corrected file ownership within subpackages
- Removed all versioning from NSS and NSPR packages
Thu Jan 13 13:00:00 2011 Matthew Harmsen 9.0.0-2
- Bugzilla Bug #668839 - Review Request: pki-core
- Added component versioning comments
- Updated JSS from \"4.2.6-10\" to \"4.2.6-12\"
- Modified installation section to preserve timestamps
- Removed sectional comments
Wed Dec 1 13:00:00 2010 Matthew Harmsen 9.0.0-1
- Initial revision. (kwrightAATTredhat.com & mharmsenAATTredhat.com)
|
|
|
